PHPDeveloper.org (http://www.phpdeveloper.org)
Up-to-the Minute PHP News, views and community
Tue, 31 Mar 2015 17:06:29 -0500

http://www.phpdeveloper.org/news/22252
In his latest post Joe Watkins talks about mocking PHP. No, not making fun of the language but rather mocking internal PHP functions and methods as a part of unit testing your application.

I work on a vast PHP code base, it is 3M LOC of PHP alone. It's somewhere between legacy and modern, work is ongoing. [...] When I joined the current project there were many many tests, they relied upon the kind of unholy magic that runkit allows you to perform, for the most part this worked okay for a while. However, runkit inexplicably caused many of the tests to fault, either at shutdown, or at random.

[...] So we were in a bit of a jam, I've always found runkit to be quite awkward, and now I'm staring its source code in the face knowing it represents a road block to my goal of running the latest stable versions of PHP, with the first decent optimizer that ever existed for Zend. I tackled the problem with code, code which I was allowed by my gracious employer to open source (the uopz extension).

He goes on to talk about the actual root problem he was trying to solve (dodging code with built-in functions), the "obvious" way to solve it using runkit and the more modern solution that uses the uopz extension. He provides an example of it in use, mocking the fopen function with a "uopz_function" wrapper.

Link: http://blog.krakjoe.ninja/2015/01/mocking-php.html
Mon, 19 Jan 2015 12:23:39 -0600

http://www.phpdeveloper.org/news/21534
Joshua Thijssen has revisited some of his PHP internal function statistics, an update from this previous post with some results showing the most (and least) used internal PHP functions in several large projects from GitHub.

A lot of people are asking about functions like isset, empty, print, echo etc, as they are not present in the current result list. The thing is, is that these are not really functions, but language constructs. This means that PHP treats them a bit different than normal functions, and this results sometimes in seemingly "strange" behaviour when trying to use them like regular functions.

He's updated his results, though, to reflect the usage of these "functions" and shared the numbers. Not surprisingly, these constructs show up pretty highly in the new "top 22" list he's produced. With the inclusion of the constructs, the number one item on the list is now "isset" by a very large margin. The full results can be found in this gist.

Link: https://www.adayinthelifeof.nl/2014/08/05/internal-php-function-usage-revisited/
Wed, 06 Aug 2014 11:53:34 -0500

http://www.phpdeveloper.org/news/21490
Curious about the usage of the various "internal" (built-in, not user defined) functions in use in a wide range of PHP applications, Joshua Thijssen did some research on GitHub and has shared the results on his site today.

How many internal PHP functions (things like count(), strpos(), array_merge() etc), does PHP have? Depending on which version you use, and how many extensions you have loaded, somewhere between 1000 and 2000 would be a good guess. But how many of these internal functions are you REALLY using?

He created a custom script to fetch the results of a custom query (one that found repos with over fifty stars), grabbed the source and parsed the results looking for these internal functions. He shares the results of his parsing from 967 repos in the remainder of the post, including: the top ten most called, some interesting facts found in the results and some of the "bad" ones in wide use (like "exec" and "mysql_connect").

Link: https://www.adayinthelifeof.nl/2014/07/25/internal-php-function-usage/
Mon, 28 Jul 2014 10:05:39 -0500

http://www.phpdeveloper.org/news/20041
In Lukas Smith's latest post he looks at one of the magic methods that's built into PHP to help transform objects into strings - the __toString method. In the post he explores what it's for and what it might be used for.

The __toString() belongs to the family of methods and functions called "magic functions". They are magic because for the most part they do not get called explicitly but rather intercept operations. Unfortunately there are limits to its magic, specifically the only "context" the method is aware of is its design contract: to return a string. But it's not clear what purpose that is. Should this be for some internal debugging or logging purposes? There one would be most interested in internal identifiers and object state. Is it for some frontend UI where the user will most likely be interested in some textual identifier that isn't too long as to not clutter the UI? Therein lies the dilemma in the magic, while useful there is no way to ensure that the given context is passed on.

He looks at use cases for UI output (for consistent output) and contexts as well as the more internal-facing usage, like for logging and debugging purposes. Being able to get the context of the object as a string and pushed into a log at the time of error could be immensely helpful for debugging. He also links to some discussions happening on Twitter about the internal versus external uses of this magic method.

Link: http://pooteeweet.org/blog/0/2231#m2231
Wed, 28 Aug 2013 09:14:39 -0500

http://www.phpdeveloper.org/news/19771
PHPMaster.com has a new tutorial for those interested in how to work with streams, the base resources behind working with things like files and remote connections.

Streams are resources provided by PHP that we often use transparently, but which can also be very powerful tools. By learning how to harness their power, we can take our applications to a higher level. [...] Every stream has an implementation wrapper which has the additional code necessary to handle the specific protocol or encoding. PHP provides some built-in wrappers and we can easily create and register custom ones. We can even modify or enhance the behavior of wrappers using contexts and filters.

The tutorial starts by introducing two of the most commonly used streams - "file" and "http" - as well as some of the wrappers that can be used to work with them. It also talks about the "php://" stream, a special instance that lets you access things like a temporary memory block and stdout/stdin. It finishes up with a look at "contexts" - the parameters that can be used to modify the stream wrapper (like the HTTP example).

Link: http://phpmaster.com/%EF%BB%BFunderstanding-streams-in-php
Wed, 26 Jun 2013 10:43:45 -0500

http://www.phpdeveloper.org/news/19327
In this new post to his site Andrew Podner looks at using the Stackato software from ActiveState to provide a Platform-as-a-Service environment on any cloud infrastructure.

So, now it is settled, I want to stay inside the corporate firewall, but I want each application isolated from the next, and by the way, there is no budget for any of this. I posted about three PaaS providers a while back, and started thinking that what I really needed was PaaS, but I needed to be able to host the PaaS environment inside a corporate LAN. Off to search the web. Surprisingly, there were not just a ton of viable results in that search. Even more surprising...hard to find one with a "download here" button. No matter how I searched though, one company & product kept popping up: Stackato by ActiveState. The words "Free Micro Cloud" were a very encouraging sign. So let's take this thing for a spin and see just how easy it is...

He walks you through the installation process - downloading the VMs, setting up the initial configuration and how to use the command line tool to deploy your own applications (several come preconfigured though). He also includes an example configuration (YAML) you can use to configure custom applications and some sample code showing a database connection.

Mon, 18 Mar 2013 12:17:51 -0500

http://www.phpdeveloper.org/news/17749
Nikita Popov has posted the fourth part of the "PHP's Source Code for PHP Developers" series he and Anthony Ferrara have been posting. In this latest article in the series, Nikita looks specifically at PHP's array implementation and how it's handled "behind the scenes".

Welcome back to the fourth part of the "PHP's Source Code for PHP Developers" series, in which we'll cover how PHP arrays are internally represented and used throughout the code base.

He starts with an obvious foundation: "everything's a hash table" (even properties, classes and yes, arrays). He describes what a hash table is and talks about two of the most commonly used versions of it in the PHP source - HashTable and Bucket. He gets into their usage a bit and compares this to the corresponding PHP code that uses a standard array.

Thu, 29 Mar 2012 09:16:02 -0500

http://www.phpdeveloper.org/news/17688
Following this recent post from Anthony Ferrara about the source code of the PHP language itself, Nikita Popov is working with him and has produced the second part of the series, a look at finding the internal function definitions for the PHP functions you use every day.

In the previous part ircmaxell explained where you can find the PHP source code and how it is basically structured and also gave a small introduction to C (as that's the language PHP is written in). If you missed that post, you probably should read it before starting with this one. What we'll cover in this article is locating the definitions of internal functions in the PHP codebase, as well as understanding them.

He starts with a basic example - a string function, strpos. He shows a handy searching trick to help find the actual function definition and which matches should be given priority. He lays out a typical skeleton of a PHP function definition and gets into some detail as to what this particular function does (in C). He briefly mentions the Zend Engine functions and a look ahead to finding classes and methods.

Mon, 19 Mar 2012 08:17:48 -0500

http://www.phpdeveloper.org/news/17640
Brandon Savage has a new post to his blog about what he calls an XSS vulnerability in the making, something to watch out for when you're doing validation in PHP involving the possibility of numbers as strings.

Back in September, Socorro received a security bug relating to the method we were using for processing inputs for the duration of certain reports. The vulnerability included a proof of concept, with an alert box popping up on production when the link was followed. [...] I was quite surprised at the root cause of the vulnerability. We had opted to compare the incoming data against a known set of valid values - a common practice when whitelisting certain inputs. [...] As expected, when this [example] code is tested, a string of '3' and an integer of 3 work equally well, and a string of '5' and an integer of 5 fail equally.

This automatic casting that PHP does internally caused another issue as well - if the string passed in even started with a valid number from their whitelist set, it still passed.

At first we thought this surely had to be a bug in PHP. However, Laura Thomson told me "If comparing two values, type juggling is performed first, which means that the string is converted to a number. This is done by taking the first number found in the string. So this may be confusing/a quirk/a gotcha, but it isn't a bug." And she's right: this isn't a bug per se, but it's certainly an interesting "gotcha."

Wed, 07 Mar 2012 12:02:46 -0600

http://www.phpdeveloper.org/news/15994
Alexey Zakhlestin has a new post today with some of his own thoughts on the suggestion for a built-in web server (RFC) that's been floating around lately - a tool that would act as a simple server right out of the box without much in the way of configuration.